Cloud And Smartphone Data Security

You've probably heard some sermons about how putting your data in the cloud isn’t such a great idea? Well, imagine a cloud of clouds, where all your accounts are linked and access is already granted: your smartphone.

What happens if you lose your cellphone? Oh right, it’s locked and secure, you can even remote wipe it! Um, don’t be so sure: just remove the SIM card and it can’t be remotely wiped. And of course, don’t connect it to the internet right away. As for the lock, the iPhone has had its share of exploits that circumvent the “lock security”. Pattern passwords can be cracked or, even worse, reset with adb. You can’t count on that, unless some n00b finds your phone and just resets it.

But...what happens if it isn’t a n00b? With what I just said, it isn’t too hard to get to the data. I tried with my own cellphone, an older one, and asked a friend to set up his cloud accounts, Facebook, corporate email accounts (Exchange with ActiveSync), Google accounts synced to Drive, and some apps. Then I asked him to set a password that he’s not going to tell me.

In less than 90 minutes, I could:

Dump his cellphone backup with ClockworkMod on his Google Drive

Download a complete backup of his Facebook account

Access a picture of his passport

Grab some passwords from his workplace, VPN, DMZ, OWA and Intranet accesses